Skip to main content

Hiya

We have noticed users creating strava accounts with temporary email address providers

And then coming to our app

We cannot detect this behaviour in our app - so would kindly ask Strava to enhance its security on the use of temporary email addresses to create accounts

It would be good in the Athlete API response we could get the users email address also so we can check its domain

Thanks

How will you know they use temporary email accounts? As you said yourself the API doesn’t reveal that und it should stay that way. The OAuth process is there especially so the real login data keep secret.


Reply